exploitDog

GHSA-5j3x-hf29-3qgv

Опубликовано: 09 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 9.3

Описание

COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.

COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.

Ссылки

EPSS

Процентиль: 41%

0.00192

Низкий

9.3 Critical

CVSS4

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2021-47708

nvd

2 месяца назад

COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.

EPSS

Процентиль: 41%

0.00192

Низкий

9.3 Critical

CVSS4

CVE ID

Дефекты

CWE-89